Is it my imagination or they are selling Silverlight for the enterprise space? This is a question to all experts, in my line of work, I have to deliver enterprise solutions that will stand in any environment and will talk to existing enterprise architectures as well as will perform to the standards. Where does Microsoft Silverlight fits in all that? So let’s say that you are implementing a huge environment inside a network that external users need to consume. You have 2 options, add the servers outside the firewall or use Microsoft Internet Security & Acceleration Server, a very fancy enterprise ready proxy to expose web applications to the internet without users having access to the physical computer (fancy reverse proxy).
Now ISA is very flexible and can read HTML, TEXT, XML and re-write URL to expose IIS on the internet, so the URLs and resources get automatically re-written so no changes need to be made on the ASP.NET app. A typical ASP.NET application is deployed on a farm of web servers that are linked on a load balancer then ISA translates the traffic to the outside world and the links as well manages all security requests between IIS and ISA and application servers.
How ISA manages Silverlight 2?
How does ISA managed Silverlight 2? So there is a XAP file (a Zip file of all Silverlight DLLS) that will go over IIS and ISA will deliver to the browser like any other image for that matter, the browser is the one that will load and process Silverlight using he Silverlight plug in. So is not a server and does not render HTML, means in plain Spanglish that the Silverlight application that works inside the Intranet that access resources and applications servers inside the Intranet won’t be able to access resources on the Internet, is like taking a fish out of the water. Silverlight will try to access your database located at 192.168.1.1 without any success or the webservice at your 192.168.1.2 that now thanks to the ISA you can access by the name of mickey.corpnet.com
ISA cannot see inside the DLLS to replace 192.168.1.2 to mickey.corpnet.com as well requests from the browser that have not being process inside the corpnet network will be lost on the Internet? Now ISA does just much more than filtering, takes care of knowing where to send the request back so will work with load balancers, caching engines providing replicated content as well as session state servers.
Silverlight accessing secured resources
Another point in the enterprise space is the security, you login into ISA and ISA will take care of sending that information to the respective IIS servers, now what happens when Silverlight makes a request from the browser without inheriting all the security from the ASPX page? I bet you the request won’t make it very far.
This is about security, do you want the user to receive all your application zip up nicely so can see what is doing? So it means that you need to write code as you were writing for an Open Source solution, do not add anything in Silverlight that will compromise the solution as at the end of the request, you’ll provide the user all your source code.
Do I need to add all my business logic in the ASP.NET app?
The Solutions is Silverlight 3?
Is then Microsoft Silverlight 3 the enterprise ready solution that will be provided for us? We know now that will inherit the security from the server side, yet, and will provide us with object state as well as browser history, yet any change of having ISA being able to change the resources that Silverlight will have to consume? In other words, will Silverlight 3 XAP going to be able to be translated by ISA?
We know that we can open XAP files and open as well the DLL that it contains by using reflector, now is ISA going to open those dlls, translate links and recompile them on the fly? Or Microsoft will provide us with a solution that we can attached a resource file that gets zip inside the XAP file so ISA can access?
Hacking Silverlight?
We know that we need a solution to this problem if we want to use Silverlight on enterprise solutions, otherwise what Microsoft Silverlight provides in performance is taking it away from not being very flexible in the Web.
Right now we know that out of the box Silverlight and ISA won’t work like ASP.NET that does not need any code changes to be configured using ISA or any other reverse proxy, Silverlight is going to need to understand profiles in different domains. So the idea is not elegant nor simple, you’ll have to add all your resources into different XML files, each XML file is for a different profile, so thing that you are using the Silverlight application in 7 different functions and domains around the solution, and 7 more outside the network, you’ll have to package secured those resources to access the application servers that you need.
There are many way to do it, you can build the XAP depending who is requesting it and add the XML inside the XAP so when the XAP loads on the browser your XML is there for you to read and know the names of the computers you need to talk to.
You can also deploy a webservices that from any place the Silverlight application can access and get information of where I am? Where is everything?
In any case, non of these solutions are ideal, as is expecting the developer to get it ready for the enterprise instead of being able to work with existing enterprise solutions.
Please tell me your story!
Given that, I would like to hear of your experience in Silverlight on an enterprise implementation. How did you solve the issues of Silverlight security as well as other resources that had to consume? Is then Silverlight just a technology for writing nice banners? What about clustering, load balancing, session state?
Cheers
Al
Follow me in twitter | bookmark me | Subscribe to my feed | Add stats to your blog